Re: [v6ops] Our IPv6-only home network and future experiments

Brian Candler <brian@nsrc.org> Fri, 12 April 2024 16:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/PJkt9oA3r-relffh64L5iS13Y4k>

On 12/04/2024 16:23, Soni "They/Them" L. wrote:
>
>> 1. libc needs to decide whether to use the CLAT in preference to 
>> regular IPv4 sockets, e.g. by detecting the presence of an active 
>> IPv4 stack or default route, and/or the presence of DHCP option 108.
>
> The idea is to not have regular IPv4 sockets, it'll always use the CLAT. 

I don't think that'll work, if for example you want to move a laptop 
between a dual-stack network (which doesn't have a PLAT) and a v6-only 
network.

But consuming information from /etc and/or /run is not a big deal, as 
you say.

Maybe there is an argument for pushing this behaviour right down into 
the kernel, but libc is an easier place to experiment with it.


>>
>> Having said that, accepting incoming traffic for an application that 
>> opens an IPv4-only socket is probably not a big concern. I'd just 
>> wonder about an app that binds to 0.0.0.0 before making an outbound 
>> connection.
>
> Those are surprisingly easier to support, since they generally use a 
> random port.

True: although you don't know in advance how the socket is going to be 
used, you could allow the bind if the port is 0, and deny it if a 
non-zero port is given.

Anyway, I'm sure this will all come out in the wash, and I look forward 
to seeing your code in action. Having Linux servers be able to make 
*outbound* connections is the main thing stopping me from turning server 
networks into v6-only at the moment.

Cheers,

Brian.
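
The policy discussed in this message, sketched as an added example (not code from either poster or from any libc): a hypothetical shim treats an up IPv4 default route as meaning a regular IPv4 stack is present, and otherwise lets an IPv4 bind through only when the port is 0. The function names, the constructed route tables and the choice of EADDRNOTAVAIL are assumptions.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed samples in /proc/net/route format (header row + entries). */
#define HDR "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
static const char DUAL_STACK[] = HDR "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n";
static const char V6_ONLY[] = HDR;

/* 1 if the table holds an up IPv4 default route (dest 0, mask 0, RTF_UP). */
int has_ipv4_default_route(const char *table)
{
    const char *line = strchr(table, '\n');            /* skip header row */
    while (line && *++line) {
        unsigned dest, flags, mask;
        if (sscanf(line, "%*s %x %*x %x %*d %*d %*d %x", &dest, &flags, &mask) == 3
            && dest == 0 && mask == 0 && (flags & 0x1)) /* 0x1 = RTF_UP */
            return 1;
        line = strchr(line, '\n');
    }
    return 0;
}

/* 0 = let bind() proceed; negative errno = refuse (errno choice is assumed). */
int clat_bind_check(const struct sockaddr *sa, socklen_t len, int native_v4)
{
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    if (native_v4 || sa->sa_family != AF_INET)
        return 0;                 /* regular IPv4 stack or not IPv4: no policy */
    if (len < (socklen_t)sizeof *sin)
        return -EINVAL;
    return sin->sin_port == 0 ? 0 : -EADDRNOTAVAIL; /* ephemeral ok, fixed no */
}

int try_bind_v4(unsigned short port, const char *routes) /* bind(0.0.0.0:port) */
{
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    return clat_bind_check((const struct sockaddr *)&sin, sizeof sin,
                           has_ipv4_default_route(routes));
}

int main(void)
{
    printf("dual-stack :8080 -> %d\n", try_bind_v4(8080, DUAL_STACK));
    printf("v6-only    :0    -> %d\n", try_bind_v4(0, V6_ONLY));
    printf("v6-only    :8080 -> %d\n", try_bind_v4(8080, V6_ONLY));
    return 0;
}
```

In a real shim the route table would be read from /proc/net/route at call time, so a laptop moving between a dual-stack and a v6-only network gets the matching verdict without restarting the application.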